platform/core/security/yaca.git
4 years agoClarify calling update only once with CCM 25/236725/3
Lukasz Pawelczyk [Fri, 19 Jun 2020 13:48:48 +0000 (15:48 +0200)]
Clarify calling update only once with CCM

When using BCM_CCM yaca update function can be called only once for
the plaintext or ciphertext regardless of using AAD. Clarify that in
the docs.

Change-Id: I350404dd0be10dd7c70d565e60a73497b6601de7

4 years agoClarify possible AAD length 24/236724/3
Lukasz Pawelczyk [Fri, 19 Jun 2020 13:35:07 +0000 (15:35 +0200)]
Clarify possible AAD length

Change-Id: I86f83db0c144508fbca593be27bb9c558a69a195

4 years agoDistinguish different cases with the same OpenSSL error code 23/236723/3
Lukasz Pawelczyk [Fri, 19 Jun 2020 13:25:52 +0000 (15:25 +0200)]
Distinguish different cases with the same OpenSSL error code

When importing a key with a wrong password and decrypting data with
wrong key/bcm or simply broken data OpenSSL can return exactly the
same error code (ERR_LIB_EVP, EVP_F_EVP_DECRYPTFINAL_EX,
EVP_R_BAD_DECRYPT). As we need to distinguish INVALID_PARAM and
INVALID_PASS in import_key, but decryption cannot return INVALID_PASS
handle this manually in the decryption.

Change-Id: Iba2b5fccfb1660c20b76a345bc799a0b145d700c

4 years agoPadding has to be set before update in case of decryption 22/236722/3
Lukasz Pawelczyk [Thu, 18 Jun 2020 15:53:32 +0000 (17:53 +0200)]
Padding has to be set before update in case of decryption

When doing encrypt/seal padding can be set before finalize as was
before. But it appears that decrypt behaves differently. In that case
padding has to be set before update or the decryption will be
incorrect.

Change-Id: I86ede38d0d79d401329c25c656e5c6b4c92e02cb

4 years agoHandle errors from EVP_PKEY_CTX_set_* 21/236721/2
Lukasz Pawelczyk [Wed, 17 Jun 2020 16:19:54 +0000 (18:19 +0200)]
Handle errors from EVP_PKEY_CTX_set_*

Not every error from EVP_PKEY_CTX_set_* is INTERNAL. Some should be
handled lightly like trying to set DH key with bit_len < 256.

Change-Id: I5993c8d04600ae1e5b0851d924087704c58c0f9c

4 years agoRemove unused OpenSSL RAND methods 60/233160/3
Lukasz Pawelczyk [Tue, 12 May 2020 12:57:29 +0000 (14:57 +0200)]
Remove unused OpenSSL RAND methods

According to docs we can pass NULL to the functions we don't want/need
in RAND_METHOD struct. As we don't use them, drop those unneeded.

RAND_pseudo_bytes() was deprecated in OpenSSL 1.1.0.

Change-Id: Id28795119d6efdd11664d1d81be0524d87e987cf

4 years agoRemove support for OpenSSL 1.0.x, it's EOL 43/233043/4
Lukasz Pawelczyk [Mon, 11 May 2020 16:26:16 +0000 (18:26 +0200)]
Remove support for OpenSSL 1.0.x, it's EOL

Change-Id: If860fb8c5f3ea3fc128d52860e923e0cff582cd2

4 years agoBetter error handling in encrypt_ctx_init() and encrypt_ctx_setup_iv() 36/232936/5
Lukasz Pawelczyk [Fri, 8 May 2020 08:38:43 +0000 (10:38 +0200)]
Better error handling in encrypt_ctx_init() and encrypt_ctx_setup_iv()

Some calls to encrypt_ctx_init() and encrypt_ctx_setup_iv() asserts
their return code that it cannot be EINVAL. But the OpenSSL functions
there (namely EVP_CIPHER_CTX_set_key_length() and EVP_CIPHER_CTX_ctrl)
can fail because of other reasons. Handle this properly.

Side effect of this change is that while setting wrong IVLEN for CCM
it's impossible to distinguish error codes, as OpenSSL does not set
them in most cases. Handle this internally.

Change-Id: Ib82871c8f4bf348c9ff4b90467886edcc19f6f9e

4 years agoAdd yaca's include deps to examples 19/232819/6
Lukasz Pawelczyk [Thu, 7 May 2020 11:36:35 +0000 (13:36 +0200)]
Add yaca's include deps to examples

Change-Id: I3dbaf43351efe3bec426503e5181d549415dadd3

4 years agoChange key_copy API, it's only used in one place 94/232594/7
Lukasz Pawelczyk [Wed, 6 May 2020 16:16:31 +0000 (18:16 +0200)]
Change key_copy API, it's only used in one place

Only simple keys are copied and only in one place. Simplify it to a
specialized function and put it as static where it's needed.

Change-Id: I4d83ab4b3290ad9758315045345450f7d5cf2d3b

4 years agoHandle errors properly in various key.c functions 41/232441/7
Lukasz Pawelczyk [Mon, 4 May 2020 15:16:00 +0000 (17:16 +0200)]
Handle errors properly in various key.c functions

BIO_flush()
BIO_read()
BIO_write()
BIO_reset()
EVP_aes_256_cbc()
EVP_PKEY_up_ref()

Change-Id: Id74d0710ce8a12f982d0011b83d46880fe2b6116

4 years agoClarify the code that caused many sleepless engineers 88/232288/6
Lukasz Pawelczyk [Wed, 29 Apr 2020 16:29:53 +0000 (18:29 +0200)]
Clarify the code that caused many sleepless engineers

We have to stop this madness.

Change-Id: I7407efe46ac02c0c2427966eb4bd52db180522fc

4 years agoAdd all debug functions to debug.h 56/232156/6
Lukasz Pawelczyk [Tue, 28 Apr 2020 15:33:44 +0000 (17:33 +0200)]
Add all debug functions to debug.h

Add translate_error that was not available.
Move others from internal.
Include debug.h in internal.h.

The reason for that is to make it easier to test debug functions by
only including debug.h. internal.h is not includable by C++ code.

Both those headers are internal and nothing changes in terms of public
API.

Change-Id: Ica6886c9253d45a5f131a36b457044132daee14a

4 years agoUnify errors treating from OpenSSL functions. 55/232155/6
Lukasz Pawelczyk [Tue, 28 Apr 2020 14:33:25 +0000 (16:33 +0200)]
Unify errors treating from OpenSSL functions.

Have 3 lines block almost everywhere where we call OpenSSL function
and want to handle its error code. Always ERROR_DUMP in such a case.

Also some other unification of OpenSSL returns where we don't care
about its errors (loading keys where errors are expected due to
autodetection).

Change-Id: Ie9e2f19bae099cfaddaa9c45a6de985f09b3f97b

4 years agoTreat OPEN same way as DECRYPT in case of a CipherUpdate/Final error 54/232154/7
Lukasz Pawelczyk [Tue, 28 Apr 2020 13:09:18 +0000 (15:09 +0200)]
Treat OPEN same way as DECRYPT in case of a CipherUpdate/Final error

Without this change Decrypt returned INVALID_PARAM, while Open
returned INTERNAL in the same case (e.g. wrong key).

Change-Id: I8aaf77b4a550303a68834dd0ace9fa5a52130868

4 years agoHandle keys in seal a little bit better 96/231896/8
Lukasz Pawelczyk [Fri, 24 Apr 2020 17:18:13 +0000 (19:18 +0200)]
Handle keys in seal a little bit better

Change-Id: Ibf5ed3502da10003c7489a7d1ca3e327dea0615e

4 years agoHandle unreachable code in different ways 08/231708/9
Lukasz Pawelczyk [Thu, 23 Apr 2020 13:24:52 +0000 (15:24 +0200)]
Handle unreachable code in different ways

The idea is to remove unreachable code where possible. To change it to
asserts where it makes sense. To mark it with explicit assert(false)
where unreachable code can't be removed.

There are cases where unreachable code needs to exist to silence
compiler warnings. Eg. default cases for switch. Mark them with
assert(false) so it's immediately visible that the flow should never
reach them (e.g. because the check has been performed earlier and it's
internal function).

Change-Id: I7d53c9772fe54b5c4dfd0f7205eec633fe4b9c20

4 years agoIf data_len is strange here it's OpenSSL's fault, not inputs 94/231894/7
Lukasz Pawelczyk [Fri, 24 Apr 2020 16:41:40 +0000 (18:41 +0200)]
If data_len is strange here it's OpenSSL's fault, not inputs

Change-Id: I9441cb0e3f9753ad04e59a8e6673839dbc23718f

4 years agoAdd clarification comment for key_import 93/231893/7
Lukasz Pawelczyk [Fri, 24 Apr 2020 15:58:44 +0000 (17:58 +0200)]
Add clarification comment for key_import

Change-Id: I37f43f15692c596fdfac91ef8f37bccac9bbf3c8

4 years agoRemove unreachable function 92/231892/7
Lukasz Pawelczyk [Fri, 24 Apr 2020 15:37:49 +0000 (17:37 +0200)]
Remove unreachable function

Use the default callback in its place and return 0 immediately (u ==
NULL).

Change-Id: I34e15acd52dd352197f16a1dee93df14023ac6ae

4 years agoAdd more errors to invalid parameter in error_handle 90/231890/6
Lukasz Pawelczyk [Fri, 24 Apr 2020 14:14:21 +0000 (16:14 +0200)]
Add more errors to invalid parameter in error_handle

RSA: It happens when we give wrong RSA key for asymmetric decryption.
PEM: It happens when importing broken PEM.

Change-Id: I64b39566d7b17a52bafe2b94bb84daec51edaeee

4 years agoThose functions can be static now 07/231707/5
Lukasz Pawelczyk [Thu, 23 Apr 2020 14:12:21 +0000 (16:12 +0200)]
Those functions can be static now

I suppose they were used in seal previously. They're only used
directly from encrypt.c now.

Also move some structs to encrypt.c that are not used anywhere else as
well.

Change-Id: I64fbac4c7f011fedde6fdf5b3263f253ab863802

4 years agoAdd extern C for debug.h 06/231706/5
Lukasz Pawelczyk [Thu, 23 Apr 2020 12:59:45 +0000 (14:59 +0200)]
Add extern C for debug.h

Change-Id: I9124353e1a0e5a6f4c71c23f41952aac161a0515

4 years agoFix checking input params for get_iv_length 60/231160/5
Lukasz Pawelczyk [Fri, 17 Apr 2020 15:56:25 +0000 (17:56 +0200)]
Fix checking input params for get_iv_length

Without this change it was possible to trigger an assert using top
level API.

Unify wording for key_bit_len param "divisible by 8".

Change-Id: Iba4a121c38ce3dc78a7531a1df984c014edf84da

4 years agoUse TEMP_FAILTURE_RETRY instead of checking EINTR by hand 84/230384/4
Lukasz Pawelczyk [Thu, 9 Apr 2020 15:51:15 +0000 (17:51 +0200)]
Use TEMP_FAILTURE_RETRY instead of checking EINTR by hand

Change-Id: Ic1c97915c98bfa26cc04f28adf3d3292ef157aa2

4 years agoChange the way coverage is triggered in spec 83/229683/4
Lukasz Pawelczyk [Thu, 2 Apr 2020 15:40:16 +0000 (17:40 +0200)]
Change the way coverage is triggered in spec

Use --define "build_type COVERAGE". This way I can set -O0 which is
required for reliable results. Also removed unused CMAKE variable.

Change-Id: I8a1540d0ea9966f8aa49cf6d24509dcfb5bf65bd

4 years agoFix yaca_memcmp() properly returning INVALID_PARAMETER 81/229381/4
Lukasz Pawelczyk [Tue, 31 Mar 2020 15:02:20 +0000 (17:02 +0200)]
Fix yaca_memcmp() properly returning INVALID_PARAMETER

Change-Id: I6c788d0a28b170b2dd97ee4866b4fd61dba068ca

4 years agoFix issues with deallocation of keys in example code 76/224976/1 accepted/tizen/unified/20200216.215221 submit/tizen/20200214.123128
Tomasz Swierczek [Fri, 14 Feb 2020 10:17:55 +0000 (11:17 +0100)]
Fix issues with deallocation of keys in example code

Change-Id: I317500fe8d5e6f1cde396dcd9ecfeb225bf3401b

5 years agoMake gcov package when --define 'gcov ON' is given 50/217250/1 accepted/tizen/unified/20191108.142953 submit/tizen/20191108.073429
Dongsun Lee [Fri, 8 Nov 2019 03:00:28 +0000 (12:00 +0900)]
Make gcov package when --define 'gcov ON' is given

Change-Id: I2268f6cbf22565b712a7af5038ceb6d222a06772
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
5 years agoFix build error at python 3.7.3 aarch64 11/215811/1 accepted/tizen_5.5_unified_mobile_hotfix accepted/tizen_5.5_unified_wearable_hotfix tizen_5.5_mobile_hotfix tizen_5.5_tv tizen_5.5_wearable_hotfix accepted/tizen/5.5/unified/20191031.022057 accepted/tizen/5.5/unified/mobile/hotfix/20201027.090004 accepted/tizen/5.5/unified/wearable/hotfix/20201027.112644 accepted/tizen/unified/20191017.105741 submit/tizen/20191017.060053 submit/tizen_5.5/20191031.000004 submit/tizen_5.5_mobile_hotfix/20201026.185104 submit/tizen_5.5_wearable_hotfix/20201026.184304 tizen_5.5.m2_release
DongHun Kwak [Wed, 16 Oct 2019 06:46:43 +0000 (15:46 +0900)]
Fix build error at python 3.7.3 aarch64

Change python macro at spec file
 python3-sitelib -> python3-sitearch

Change-Id: I2158ac6151fa6cd09397ef35f630f83db743049e
Signed-off-by: DongHun Kwak <dh0128.kwak@samsung.com>
5 years agoRelease 0.0.5 18/215718/1 accepted/tizen/unified/20191015.012036 submit/tizen/20191014.132010
Krzysztof Jackiewicz [Mon, 14 Oct 2019 12:42:10 +0000 (14:42 +0200)]
Release 0.0.5

Change-Id: If8d3f1f0bc6bb0439366600a46082e15c02d82e0

5 years agoFix memory leak reported by Coverity 91/215691/1
Krzysztof Jackiewicz [Mon, 14 Oct 2019 08:33:52 +0000 (10:33 +0200)]
Fix memory leak reported by Coverity

Change-Id: I2c9642848897fab2994ad612ef41a9703a529d11

5 years agoRelease 0.0.4 95/210395/1 accepted/tizen/unified/20190724.130059 submit/tizen/20190719.120437 submit/tizen/20190724.083537
Dariusz Michaluk [Thu, 18 Jul 2019 15:13:54 +0000 (17:13 +0200)]
Release 0.0.4

Change-Id: I93f168da700c155b3267c5a47970edbb4bf0fa63

5 years agoMigrate to openssl 1.1 79/206979/2
Konrad Lipinski [Wed, 29 May 2019 15:48:39 +0000 (17:48 +0200)]
Migrate to openssl 1.1

Change-Id: I07c36154ada7a74d59ba1e8d784309475157db33

5 years agoFix TYPO in document 84/198484/1
Dongsun Lee [Fri, 25 Jan 2019 00:25:06 +0000 (09:25 +0900)]
Fix TYPO in document

Change-Id: I9e9f5fff90b9f51151773e5d75bd7c44992d27e5
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
6 years agoFix pycodestyle issue 77/181877/1
Lukasz Pawelczyk [Mon, 18 Jun 2018 11:41:52 +0000 (13:41 +0200)]
Fix pycodestyle issue

pycodestyle: E741 ambiguous variable name 'l'

Change-Id: Id70e425e51da8bcd10afd579080d20b2cc9c9d4c

6 years agoFix some pylint issues 39/180539/2
Lukasz Pawelczyk [Wed, 30 May 2018 12:30:56 +0000 (14:30 +0200)]
Fix some pylint issues

- not using len(seq) as a condition
- too wide wildcard import

Change-Id: I546ccc68729f2ba831dd0f73714aa234cc7254d1

6 years agoPython3 bindings for YACA 14/161314/8
Lukasz Pawelczyk [Fri, 17 Nov 2017 13:51:46 +0000 (14:51 +0100)]
Python3 bindings for YACA

Change-Id: Ia7e7bf329d6b2e87c6587481dfe5c870ef482e54

6 years agoRelease 0.0.3 56/172556/1 submit/tizen/20180315.113946
Dariusz Michaluk [Wed, 14 Mar 2018 11:22:32 +0000 (12:22 +0100)]
Release 0.0.3

Change-Id: Ibafba8ab1f73392aa7a27483c468fafb33245dca

7 years agoClarification for key_derive_dh, EC keys are also accepted 96/160696/1
Lukasz Pawelczyk [Fri, 17 Nov 2017 14:20:36 +0000 (15:20 +0100)]
Clarification for key_derive_dh, EC keys are also accepted

Change-Id: I763712bb97de47267ebd1303bc3718c573edb164

7 years agoHandle special use case of EVP_DigestSignFinal() 72/160672/1
Lukasz Pawelczyk [Fri, 17 Nov 2017 10:34:07 +0000 (11:34 +0100)]
Handle special use case of EVP_DigestSignFinal()

EVP_DigestSignFinal() does not behave the same as other OpenSSL *Final
functions in regards to its length param. Handle this use case so its
different behaviour is not propagated onto YACA.

Change-Id: Iac9338e00a39a986049d1504791ff5e409da96f1

7 years agoFix possible segfault in seal_initialize 71/160671/1
Lukasz Pawelczyk [Fri, 17 Nov 2017 10:32:26 +0000 (11:32 +0100)]
Fix possible segfault in seal_initialize

The iv is not mandatory. It depends on bcm mode and is already checked
in this function. Don't blindly write to *iv because in some cases it
might be NULL.

Change-Id: Ieddf81b77482d2aec49d1cde3291c08d702b7c43

7 years agoSome additional API usage clarifications regarding keys 70/160670/1
Lukasz Pawelczyk [Fri, 17 Nov 2017 10:31:23 +0000 (11:31 +0100)]
Some additional API usage clarifications regarding keys

Change-Id: I375ff08deedfdc4669f40dbf6a7473d216e531ed

7 years agoFix: yaca_context_get_property() implementation unconsistent with documentation 64/160164/1
Dariusz Michaluk [Tue, 14 Nov 2017 15:27:57 +0000 (16:27 +0100)]
Fix: yaca_context_get_property() implementation unconsistent with documentation

Change-Id: I5ffd12d68b2bc2764da50d7e7bc5dd1b92eb5ebb

7 years agoInstall license file 42/119842/1
Krzysztof Jackiewicz [Mon, 20 Mar 2017 08:47:05 +0000 (09:47 +0100)]
Install license file

Change-Id: I1e80b2686d46e369084d062f2b0ef3c0e9e1d76d

7 years agoRemove unused code in CMakeLists 94/113394/2
Piotr Sawicki [Tue, 7 Feb 2017 09:15:56 +0000 (10:15 +0100)]
Remove unused code in CMakeLists

Change-Id: I31210f92e62e5fce7035b4e5693c58fda8b29e5a

7 years agoApply the reviewed API documentation 91/112891/2
sangwan.kwon [Fri, 3 Feb 2017 06:33:14 +0000 (15:33 +0900)]
Apply the reviewed API documentation

Change-Id: I071343de3d70cf0bcc4b1bf10b53ea878ff3da5d
Signed-off-by: sangwan.kwon <sangwan.kwon@samsung.com>
8 years agoYACA : Make capi-base-common an optional dependency 74/99874/5
Mateusz Forc [Wed, 23 Nov 2016 12:04:57 +0000 (13:04 +0100)]
YACA : Make capi-base-common an optional dependency

Change-Id: I6cc9995fecc7a5bf9849fb4d0e2d5e2c26058fa1

8 years agoReplace spaces with tabs 98/95998/2 accepted/tizen_4.0_unified accepted/tizen_5.0_unified accepted/tizen_common accepted/tizen_ivi accepted/tizen_mobile accepted/tizen_tv accepted/tizen_wearable accepted/tizen/4.0/unified/20170816.011448 accepted/tizen/4.0/unified/20170829.020006 accepted/tizen/5.0/unified/20181102.020909 accepted/tizen/common/20161108.131525 accepted/tizen/ivi/20161108.001450 accepted/tizen/mobile/20161108.001352 accepted/tizen/tv/20161108.001407 accepted/tizen/unified/20170309.033544 accepted/tizen/wearable/20161108.001429 submit/tizen/20161107.233654 submit/tizen_4.0/20170811.094300 submit/tizen_4.0/20170828.100004 submit/tizen_4.0/20170828.110004 submit/tizen_5.0/20181101.000004 submit/tizen_unified/20170308.100409 tizen_4.0.IoT.p1_release tizen_4.0.IoT.p2_release tizen_4.0.m1_release tizen_4.0.m2_release
Krzysztof Jackiewicz [Mon, 7 Nov 2016 08:21:36 +0000 (09:21 +0100)]
Replace spaces with tabs

Tab policy [IDT_M_TAB] have changed from optional to mandatory and whole code
has to be adjusted.
doc/coding_rules.txt updated.
File access rights fixed

Change-Id: I7b855be9560e9b4f134294a1f97a70a50af578c1

8 years agoRelease 0.0.2 21/92721/1
Dariusz Michaluk [Tue, 18 Oct 2016 07:24:32 +0000 (09:24 +0200)]
Release 0.0.2

Change-Id: I62a0ff6fff1b3a3b4cdfa611c59a310555b9e001

8 years agoRemove outdated TODO's 00/91800/1
Dariusz Michaluk [Tue, 11 Oct 2016 11:02:21 +0000 (13:02 +0200)]
Remove outdated TODO's

Change-Id: I2a0d00923ffa4f105461a7ee2bc6bb025c6bdb82

8 years agoInclude examples in documentation. 73/91073/2
Dariusz Michaluk [Wed, 5 Oct 2016 12:37:49 +0000 (14:37 +0200)]
Include examples in documentation.

Change-Id: Ifeb8ae0e322eae37bc9642dbc166c3ee68c694cc

8 years agoSimplify and unify examples. 74/90874/6
Dariusz Michaluk [Mon, 3 Oct 2016 16:04:57 +0000 (18:04 +0200)]
Simplify and unify examples.

Change-Id: I6f6f7997c3c04af686b4ec0202cde3027d630e9f

8 years agoProperly address function arguments in documentation 01/89401/8
Dariusz Michaluk [Fri, 23 Sep 2016 09:40:43 +0000 (11:40 +0200)]
Properly address function arguments in documentation

Change-Id: Icb8e9928cf38b88b1697f3c676007a2fa117e354

8 years agoReplace EVP_CIPHER_CTX_type() with EVP_CIPHER_CTX_nid(). 45/89145/8
Dariusz Michaluk [Thu, 22 Sep 2016 11:25:57 +0000 (13:25 +0200)]
Replace EVP_CIPHER_CTX_type() with EVP_CIPHER_CTX_nid().

Both functions returns NID, so always use only one of them.

Change-Id: I8471b45b7b26af0f7c29f86a4fe29f10eec57b60

8 years agoFix minor sign API errors. Fix documentation. 99/88199/9
Dariusz Michaluk [Wed, 14 Sep 2016 11:11:38 +0000 (13:11 +0200)]
Fix minor sign API errors. Fix documentation.

OpenSSL errors:
 - dsa routines:PKEY_DSA_CTRL:invalid digest type
 - elliptic curve routines:PKEY_EC_CTRL:invalid digest type
 - rsa routines:RSA_sign:digest too big for rsa key
 - rsa routines:CHECK_PADDING_MD:invalid x931 digest
 - rsa routines:PKEY_RSA_SIGN:key size too small

Change-Id: I87a51e39168885600a4ab68b754bea650411a903

8 years agoDon't check *digest_len in yaca_digest_finalize() 43/90143/3
Krzysztof Jackiewicz [Wed, 28 Sep 2016 12:31:35 +0000 (14:31 +0200)]
Don't check *digest_len in yaca_digest_finalize()

It's an [out] argument and value pointed by it shouldn't be checked.

Change-Id: I15e9b7c1e5e7e3de5cbaa4a4492b41b3929a0f28

8 years agoIncrease minimal RSA keysize from 256 to 512 bits 03/89003/4
Dariusz Michaluk [Wed, 21 Sep 2016 09:40:19 +0000 (11:40 +0200)]
Increase minimal RSA keysize from 256 to 512 bits

Change-Id: I87fd19881867c560ae8684341e182fe85f14304f

8 years agoHandle sign/digest API call order 00/88200/6
Dariusz Michaluk [Wed, 14 Sep 2016 11:16:32 +0000 (13:16 +0200)]
Handle sign/digest API call order

Change-Id: Idf64e1b9c3d6dbbe319dbce54786407c941db90a

8 years agoFix: ECB and CBC with padding always needs yaca_decrypt_update() 32/88232/4
Dariusz Michaluk [Thu, 15 Sep 2016 09:09:46 +0000 (11:09 +0200)]
Fix: ECB and CBC with padding always needs yaca_decrypt_update()

In case of empty message encryption we can skip yaca_encrypt_update(),
then yaca_encrypt_finalize() returns encrypted block at the output.
During decryption, we can't skip yaca_decrypt_update().

Change-Id: Ib4a5d06f03560ea8b26f6bec674721a62fe1f72b

8 years agoFix TYPO for removing warning during doxygen generation 40/89240/1 accepted/tizen/3.0/ivi/20161011.070302 accepted/tizen/3.0/mobile/20161015.034257 accepted/tizen/3.0/tv/20161016.005901 accepted/tizen/3.0/wearable/20161015.084629 accepted/tizen/common/20160926.154101 accepted/tizen/ivi/20160927.020858 accepted/tizen/mobile/20160927.020840 accepted/tizen/tv/20160927.020646 accepted/tizen/wearable/20160927.020823 submit/tizen/20160926.005548 submit/tizen_3.0_common/20161104.104000 submit/tizen_3.0_ivi/20161010.000008 submit/tizen_3.0_mobile/20161015.000007 submit/tizen_3.0_tv/20161015.000006 submit/tizen_3.0_wearable/20161015.000007
Dongsun Lee [Fri, 23 Sep 2016 01:12:47 +0000 (10:12 +0900)]
Fix TYPO for removing warning during doxygen generation

Change-Id: I1a971b00b321a56e6ea59d03f3c51056494f16ab
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
8 years agoRemove get_sign_property() functionality 93/88093/2
Dariusz Michaluk [Tue, 13 Sep 2016 08:14:31 +0000 (10:14 +0200)]
Remove get_sign_property() functionality

Change-Id: Iadecd8f919eff7a3aa6efe6f4cdc096b5539ace5

8 years agoDescribe padding usage for sign/verify operations 14/88114/2
Lukasz Pawelczyk [Tue, 13 Sep 2016 11:03:16 +0000 (13:03 +0200)]
Describe padding usage for sign/verify operations

Change-Id: I4efa09f2a57c7fcd5f81124fc57bcbf890b484d4

8 years agoRevert "Fix svace defects" 65/87865/2
Kyungwook Tak [Mon, 12 Sep 2016 01:30:53 +0000 (10:30 +0900)]
Revert "Fix svace defects"

This reverts commit 60428c2b10ccec13afe901d21b87ac949ffafa4c.

2 Svace defects (141053, 142079) is handled as `won't fix`, defended by
assert() checking and logically

Change-Id: I4d29b8e0c430929a57767293ec9c0d442e2f44e4
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoGCM and CCM fixes. 57/86757/7
Dariusz Michaluk [Fri, 2 Sep 2016 13:58:07 +0000 (15:58 +0200)]
GCM and CCM fixes.

Change-Id: I0ddb50041c871bac78f44f34844df2259618a01f

8 years agoFix OpenSSL 1.1 issues 72/87372/3
Krzysztof Jackiewicz [Wed, 7 Sep 2016 14:21:18 +0000 (16:21 +0200)]
Fix OpenSSL 1.1 issues

- 3DES CFB1 implementation is fixed but function that checks buffer overlapping
  ignores the input data length unit resulting in an error. It's impossible to
  create a code that works with both version so #if was used.
- OpenSSL 1.1's EVP_CIPHER_CTX_flags() gets flags from EVP_CIPHER instead of
  EVP_CIPHER_CTX. Call replaced with EVP_CIPHER_CTX_test_flags().

Change-Id: Ic43fd9e02b982bc767259ad3a818314a6e319eb7

8 years agoAdapt YACA to work with OpenSSL 1.1 preserving 1.0 compatibility 65/86965/9
Lukasz Pawelczyk [Mon, 5 Sep 2016 16:50:36 +0000 (18:50 +0200)]
Adapt YACA to work with OpenSSL 1.1 preserving 1.0 compatibility

Change-Id: I27e199659666d2d87b17fcb9882b0e70f751c628

8 years agoUse getrandom(2) for CSPRNG instead of OpenSSL's one 03/85703/8
Lukasz Pawelczyk [Fri, 26 Aug 2016 14:29:26 +0000 (16:29 +0200)]
Use getrandom(2) for CSPRNG instead of OpenSSL's one

In case the getrandom syscall is not available use /dev/urandom directly.

Change-Id: Id1f6889fcb0db0fdd8fefbe13f4fd72c0a8fd5b9

8 years agoFix svace defects 29/87229/1
Kyungwook Tak [Wed, 7 Sep 2016 05:56:45 +0000 (14:56 +0900)]
Fix svace defects

using assert() to check null is good for development
but if it is used partly (using both of assert() and if condition)
SVACE system detects it as defect because to checking it by if condition
means there is probability that it could be null.
So we should choose only one of them(To use assert() or if condition) on
entire of code.

Change-Id: I0da13027c650e11f88f5b06fa35d8f86d43ee879
Signed-off-by: Kyungwook Tak <k.tak@samsung.com>
8 years agoUse proper input length in encryption examples 03/86303/1 accepted/tizen/common/20160901.143419 accepted/tizen/ivi/20160901.065526 accepted/tizen/mobile/20160901.065440 accepted/tizen/tv/20160901.065447 accepted/tizen/wearable/20160901.065507 submit/tizen/20160901.024233
Krzysztof Jackiewicz [Wed, 31 Aug 2016 11:11:43 +0000 (13:11 +0200)]
Use proper input length in encryption examples

Change-Id: I0a20faf41bf2b5e7670baf6100742f851b3420ff

8 years agoConvert yaca_padding_e to value acceptable by OpenSSL 67/86267/1
Krzysztof Jackiewicz [Wed, 31 Aug 2016 09:21:43 +0000 (11:21 +0200)]
Convert yaca_padding_e to value acceptable by OpenSSL

Change-Id: I771de0745f9779c6058199e7edc0edc858dd6d3c

8 years agoFix coding style. 17/86117/3
Dariusz Michaluk [Tue, 30 Aug 2016 13:56:45 +0000 (15:56 +0200)]
Fix coding style.

Change-Id: I7e40fdd1b08c7d73c607971d87565d4c6d122842

8 years agoFix yaca_key_import() memory leak. 52/86052/3
Dariusz Michaluk [Tue, 30 Aug 2016 08:45:21 +0000 (10:45 +0200)]
Fix yaca_key_import() memory leak.

Change-Id: Iec2ee8d01922e0e4b63fc6963071de3eff0b6979

8 years agoAllow 1B longer input in PKCS1 padding 25/86125/3
Krzysztof Jackiewicz [Tue, 30 Aug 2016 14:15:45 +0000 (16:15 +0200)]
Allow 1B longer input in PKCS1 padding

OpenSSL documentation states that for PKCS1 padding the length of encrypted
input must be less than RSA_size(rsa) - 11. In fact the code itself allows less
or equal input length. Also this is what PKCS #1 standard says.

Change-Id: Iab7c7e4b3c3c3c64854f9c9ec67f18f2d7c0b01c

8 years agoHandle wrong padding in RSA public decryption 24/86124/3
Krzysztof Jackiewicz [Tue, 30 Aug 2016 13:16:16 +0000 (15:16 +0200)]
Handle wrong padding in RSA public decryption

Change-Id: Iac3c37d2005bfae06d80c83fe7820436eda28ac5

8 years agoKey wrapping memory optimization. 30/85330/8
Dariusz Michaluk [Wed, 24 Aug 2016 15:20:43 +0000 (17:20 +0200)]
Key wrapping memory optimization.

Change-Id: Ibf49fa12fc7f89554e5c00a0e84d0f832e686fcb

8 years agoFix TYPO:parammeters 47/86047/1
Dongsun Lee [Tue, 30 Aug 2016 08:58:05 +0000 (17:58 +0900)]
Fix TYPO:parammeters

Change-Id: Iee2e8ab019ce5412ad6f7b230a065d553db19847
Signed-off-by: Dongsun Lee <ds73.lee@samsung.com>
8 years agoFix symmetric key handling in seal/open. 02/85102/7
Dariusz Michaluk [Tue, 23 Aug 2016 15:13:27 +0000 (17:13 +0200)]
Fix symmetric key handling in seal/open.

- generate DES key if algorithm is DES,
- use sym_key_bit_len instead of default key length.

Change-Id: Iab6b16af5e60e932aee1d807cf1edc94c99cffbb

8 years agoFix: Always use yaca_cleanup() before exit. 06/85706/3
Dariusz Michaluk [Fri, 26 Aug 2016 14:35:24 +0000 (16:35 +0200)]
Fix: Always use yaca_cleanup() before exit.

Change-Id: Ie82636d54df5acd3397917d9bec07d530f662a05

8 years agoFix yaca_sign_initialize_hmac/cmac memory leak. 31/85531/4
Dariusz Michaluk [Thu, 25 Aug 2016 12:05:56 +0000 (14:05 +0200)]
Fix yaca_sign_initialize_hmac/cmac memory leak.

Fix sign example indentation.

Change-Id: I65664d815ebff5eb5861d24a649ea94c9910915f

8 years agos/INTERNAL_KEYLEN/KEYLEN_COMPONENT/ in the "private" keylen defines 05/85905/6
Lukasz Pawelczyk [Mon, 29 Aug 2016 11:45:18 +0000 (13:45 +0200)]
s/INTERNAL_KEYLEN/KEYLEN_COMPONENT/ in the "private" keylen defines

Change-Id: I990e569bdb85a862d7aca98b2afa114adb6f383c

8 years agoUnify argument naming and description 22/84622/4
Krzysztof Jackiewicz [Mon, 29 Aug 2016 14:19:44 +0000 (16:19 +0200)]
Unify argument naming and description

In digest, sign & simple API:
- data -> message,
- data_len -> message_len,
- data to be verified -> message,
- data to be signed -> message to be signed,
- signature -> message signature to be verified (verify only)
- NULL input allowed

Change-Id: Ib8283fe13e44f1be261b90327f3034a626587d39

8 years agoHandle RSA padding errors 17/84417/18
Krzysztof Jackiewicz [Thu, 18 Aug 2016 09:16:02 +0000 (11:16 +0200)]
Handle RSA padding errors

Change-Id: Ie722ad2ba6c70b4a3ed799ffc8057e0610abc1d4

8 years agoRSA asymmetric encryption example 13/84413/15
Krzysztof Jackiewicz [Wed, 17 Aug 2016 11:15:23 +0000 (13:15 +0200)]
RSA asymmetric encryption example

Change-Id: I7969cf38e05c3551a9497953fb30b8a2c90c5555

8 years agoRSA API implementation 58/83558/15
Krzysztof Jackiewicz [Thu, 11 Aug 2016 13:08:10 +0000 (15:08 +0200)]
RSA API implementation

Change-Id: I343ca08b83076631c6277a057ff6567fe2e866f1

8 years agoRSA low-level API 05/78405/19
Krzysztof Jackiewicz [Mon, 29 Aug 2016 13:45:45 +0000 (15:45 +0200)]
RSA low-level API

Change-Id: Id0d838d97f613d1c9caf1231efdd961c370f2aab

8 years agoAdd possibility to restore default encrypt/decrypt padding. 30/85530/4
Dariusz Michaluk [Thu, 25 Aug 2016 14:09:11 +0000 (16:09 +0200)]
Add possibility to restore default encrypt/decrypt padding.

Introduce new padding type: YACA_PADDING_PKCS7.

Change-Id: I841444c63bfca7a523a2a8df302c8aa38b81e59a

8 years agoEffective key length support in RC2. 82/85082/7
Dariusz Michaluk [Mon, 22 Aug 2016 14:49:39 +0000 (16:49 +0200)]
Effective key length support in RC2.

Change-Id: I82f023d3f620336e823738f187d8db4aef09fb61

8 years agoFix: Allow empty input/output in simple encrypt/decrypt. 75/84375/12
Dariusz Michaluk [Thu, 18 Aug 2016 08:35:04 +0000 (10:35 +0200)]
Fix: Allow empty input/output in simple encrypt/decrypt.

Change-Id: I44663a1ea50982cc641b30df8a3f4959d6ce4c36

8 years agoFix: Check (un)wrapped key length.
Dariusz Michaluk [Wed, 17 Aug 2016 15:23:51 +0000 (17:23 +0200)]
Fix: Check (un)wrapped key length.

Change-Id: I6d664586637f94a0bd5f442f14b7a590a0580d8f

8 years agoUnify simple key param names, EC for sign/verify 41/84841/3
Lukasz Pawelczyk [Mon, 22 Aug 2016 14:12:16 +0000 (16:12 +0200)]
Unify simple key param names, EC for sign/verify

Change-Id: If812d71791c18e7bc798c71a5335f0c498c35ea1

8 years agoFix: Key wrapping, block finalizing before update. 92/84792/7
Dariusz Michaluk [Mon, 22 Aug 2016 08:55:12 +0000 (10:55 +0200)]
Fix: Key wrapping, block finalizing before update.

Change-Id: I8bb6f12c32c7015a6f393f2a76b7884e50c689e9

8 years agoUnify key and IV naming and length unit. 48/85248/4
Dariusz Michaluk [Wed, 24 Aug 2016 08:38:58 +0000 (10:38 +0200)]
Unify key and IV naming and length unit.

Change-Id: Iff2bab3a9b7a59c224cff6007a6edda9e30c2d71

8 years agoRemoved rsa padding TODO 16/84416/4
Krzysztof Jackiewicz [Thu, 18 Aug 2016 06:29:39 +0000 (08:29 +0200)]
Removed rsa padding TODO

RSA_NO_PADDING can be used when message length exactly matches the length of
the asymmetric key. As for now no digest can produce matching output so only
plain asymmetric operation without digest supports it. RSA_SSLV23_PADDING can
be used in asymmetric encryption only.

Change-Id: I9f4b84086bf150994f5eb5cc270203cf8834b683

8 years agoAdd GCM tag length verification 53/84453/2
Krzysztof Jackiewicz [Thu, 18 Aug 2016 14:27:52 +0000 (16:27 +0200)]
Add GCM tag length verification

Change-Id: If3b1c5e33d9a93a2120e8aeddfca024f05355321

8 years agoAdd missing ERROR_DUMP() for EVP_PKEY_size() 40/84240/1
Krzysztof Jackiewicz [Wed, 17 Aug 2016 12:29:47 +0000 (14:29 +0200)]
Add missing ERROR_DUMP() for EVP_PKEY_size()

Change-Id: Ie03a37e9ad91cc4b3876d177b1a45593598f645b

8 years agoHandle encryption API call order 06/83506/4
Krzysztof Jackiewicz [Wed, 10 Aug 2016 08:44:44 +0000 (10:44 +0200)]
Handle encryption API call order

Encryption, decryption, seal & open API functions have to be called in specific
order. This commit introduces state change matrices that are used to verify the
correct call order.

Change-Id: I99029d55bb26af9ec34d7297548c331fbbc41522

8 years agoRemove debug function from examples. 83/83883/4
Dariusz Michaluk [Fri, 12 Aug 2016 12:51:55 +0000 (14:51 +0200)]
Remove debug function from examples.

Remove outdated TODO.

Change-Id: I9cc610efec27fd84a95c1bade1b7b59892e781aa

8 years agoFix: Simple API doesn't support GCM and CCM. 74/83874/4
Dariusz Michaluk [Fri, 12 Aug 2016 10:14:40 +0000 (12:14 +0200)]
Fix: Simple API doesn't support GCM and CCM.

Change-Id: Ief86239a05aacb5671354f3bb11208afea562c80

8 years agoFix: seal/open sym_key_bit_len must be dividable by 8 69/83669/5
Dariusz Michaluk [Thu, 11 Aug 2016 14:31:01 +0000 (16:31 +0200)]
Fix: seal/open sym_key_bit_len must be dividable by 8

Fix documentation.

Change-Id: I8a4ad8bb9bcd91f17c8318cb5a0db744cbed1c34